ross-humphrey · April 27, 2021 12:52
diff --git a/27-04-2021 b/27-04-2021
 Automating Ops Tasks with Systems Manager

 What is Systems Manager?
 - Service that allows you to view and control infra on AWS in an automated fashion

 SSM Capabilities:

 Operations Management
 - Suite of tools to manage AWS resources. 
 - Different dashboards to auotmate operational tasks

 Application Management:
 - Manage applications running in AWS.
 - More specific to the application itself.
 - Run commands and configuration 

 Actions and Change
 - Let us take actions against resource or change a resource
 - Lots of automation comes in here

 Instances and Nodes:
 - Allows us to manage AWS EC2, on prem and VMs (hybrid) and other AWS nodes

 Shared resources:
 - Used for managing and configuring AWS resources 

 Known as SSM documents.



 SSM in Hybrid Environments:
 EC2
 - Can be set up and automate hybrid environments.
 - SSM agent usually installed by default on EC2
 - The SSM agent must be enabled and started on the EC2
 - Allow interaction with SSM via IAM role.

 On Prem
 - SSM agent NOT installed by default.
 - Install AWS provided TLS cert
 - Create managed instance activation and recieve actication ID and code.
 - Create a VM template or boot script to setup SSM 





 Creation Associations and Collecting Inventory:
 In console - AWS Systems Manager
 - The Capabilities are shown as sub menus in the console.
 Operations Management IS NOT TESTED AS PART OF THE EXAM

 Go to Instances & Notes -> Managed Instances
 - This is where you centrally manage your instance. 
 - The IAM role that is attached to the instance profile - give it AmazonSSMFullAccess (for the sake of the demo). In real life - do least privalege.  This allows AWS to push data to SSM 
 - You can setup inventory for your instances. 
 - In inventory - 30 minute is the smallest interval
 - Lots of parameters within the inventory management 
 - Inventory assoications set up resource -> inventory. You can create new association IDs here also. ( IN THE EXAM)


 Run command:
 -  Execte and automation document - and what instances we want to run these on.
 - Command parameters - create shell script / command to run on the instance
 - Specify rate control - how many targets - and how many concurrently
 - Error threshold - how many failures do we allow - to consider successful
 - Can output to an s3 bucket and/or cloudwatch/ sns notifications (depending on events)
 - Can remotely execute commands from this
 - Can execute patching from here 


 State manger - 
 - Shows state of inventory

 Patch Manager
 - Auotmates patching 
 - Can create a patch group - such as dev, stage, prod, and do scheduling based on patch group 
 - Can define a patching schedule within here also -  
 - Uses ‘Run command’ in the background 

 Documents - Show the commands available - 
 - The document screen allows you to run a command. - You can view the content within this page also
	Automating Ops Tasks with Systems Manager

	What is Systems Manager?
	- Service that allows you to view and control infra on AWS in an automated fashion

	SSM Capabilities:

	Operations Management
	- Suite of tools to manage AWS resources.
	- Different dashboards to auotmate operational tasks

	Application Management:
	- Manage applications running in AWS.
	- More specific to the application itself.
	- Run commands and configuration

	Actions and Change
	- Let us take actions against resource or change a resource
	- Lots of automation comes in here

	Instances and Nodes:
	- Allows us to manage AWS EC2, on prem and VMs (hybrid) and other AWS nodes

	Shared resources:
	- Used for managing and configuring AWS resources

	Known as SSM documents.



	SSM in Hybrid Environments:
	EC2
	- Can be set up and automate hybrid environments.
	- SSM agent usually installed by default on EC2
	- The SSM agent must be enabled and started on the EC2
	- Allow interaction with SSM via IAM role.

	On Prem
	- SSM agent NOT installed by default.
	- Install AWS provided TLS cert
	- Create managed instance activation and recieve actication ID and code.
	- Create a VM template or boot script to setup SSM





	Creation Associations and Collecting Inventory:
	In console - AWS Systems Manager
	- The Capabilities are shown as sub menus in the console.
	Operations Management IS NOT TESTED AS PART OF THE EXAM

	Go to Instances & Notes -> Managed Instances
	- This is where you centrally manage your instance.
	- The IAM role that is attached to the instance profile - give it AmazonSSMFullAccess (for the sake of the demo). In real life - do least privalege. This allows AWS to push data to SSM
	- You can setup inventory for your instances.
	- In inventory - 30 minute is the smallest interval
	- Lots of parameters within the inventory management
	- Inventory assoications set up resource -> inventory. You can create new association IDs here also. ( IN THE EXAM)


	Run command:
	- Execte and automation document - and what instances we want to run these on.
	- Command parameters - create shell script / command to run on the instance
	- Specify rate control - how many targets - and how many concurrently
	- Error threshold - how many failures do we allow - to consider successful
	- Can output to an s3 bucket and/or cloudwatch/ sns notifications (depending on events)
	- Can remotely execute commands from this
	- Can execute patching from here


	State manger -
	- Shows state of inventory

	Patch Manager
	- Auotmates patching
	- Can create a patch group - such as dev, stage, prod, and do scheduling based on patch group
	- Can define a patching schedule within here also -
	- Uses ‘Run command’ in the background

	Documents - Show the commands available -
	- The document screen allows you to run a command. - You can view the content within this page also